Fix MM-42096 (#542)
hanzei authored Mar 1, 2022
1 parent 05062d3 commit 608024f
Showing 1 changed file with 15 additions and 14 deletions.
29 changes: 15 additions & 14 deletions server/plugin/webhook.go
@@ -6,7 +6,7 @@ import (
"crypto/sha1" //nolint:gosec // GitHub webhooks are signed using sha1 https://developer.github.com/webhooks/.
"encoding/hex"
"encoding/json"
"io/ioutil"
"io"
"net/http"
"strings"
"sync"
@@ -147,13 +147,25 @@ func (wb *WebhookBroker) Close() {
func (p *Plugin) handleWebhook(w http.ResponseWriter, r *http.Request) {
config := p.getConfiguration()

signature := r.Header.Get("X-Hub-Signature")
body, err := ioutil.ReadAll(r.Body)
body, err := io.ReadAll(r.Body)
if err != nil {
http.Error(w, "Bad request body", http.StatusBadRequest)
return
}

signature := r.Header.Get("X-Hub-Signature")
valid, err := verifyWebhookSignature([]byte(config.WebhookSecret), signature, body)
if err != nil {
p.API.LogWarn("Failed to verify webhook signature", "error", err.Error())
http.Error(w, "", http.StatusInternalServerError)
return
}

if !valid {
http.Error(w, "Not authorized", http.StatusUnauthorized)
return
}

event, err := github.ParseWebHook(github.WebHookType(r), body)
if err != nil {
p.API.LogDebug("GitHub webhook content type should be set to \"application/json\"", "error", err.Error())
@@ -170,17 +182,6 @@ func (p *Plugin) handleWebhook(w http.ResponseWriter, r *http.Request) {
}
p.API.LogDebug("Webhook Event Log", "event", string(bodyByte))
}
valid, err := verifyWebhookSignature([]byte(config.WebhookSecret), signature, body)
if err != nil {
p.API.LogWarn("Failed to verify webhook signature", "error", err.Error())
http.Error(w, "", http.StatusInternalServerError)
return
}

if !valid {
http.Error(w, "Not authorized", http.StatusUnauthorized)
return
}

var repo *github.Repository
var handler func()
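Review bot: In handleWebhook, `io.ReadAll(r.Body)` still buffers the whole request before the signature check, so an unauthenticated sender controls how much memory the handler allocates. Capping the body first would bound that, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxWebhookBodyBytes)` ahead of the read, where `maxWebhookBodyBytes` is a placeholder constant to be sized against GitHub's documented payload limit. `verifyWebhookSignature` is not visible in these hunks; it is worth confirming that it rejects an empty `config.WebhookSecret` or a missing `X-Hub-Signature` header and compares MACs with `hmac.Equal`. The function body continues outside the hunks shown.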